Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

A coming White House Executive Order seeks to protect personal information by preventing the mass transfer of Americans’ sensitive data to countries of concern.

The API attack surface is expanding and API vulnerabilities are growing. AI will help attackers find and exploit API vulnerabilities at scale.

The US has restricted trade with Canadian company Sandvine for aiding the Egyptian government’s web monitoring operations.

Pharmaceutical solutions provider Cencora discloses a cyberattack that resulted in personal information being stolen from its systems.

The US government says Russia’s APT28 group compromised Ubiquiti EdgeRouters to run cyberespionage operations worldwide.

When evaluating XDR, consider its value based on its ability to reduce complexity and improve threat detection and response times.

Chinese threat actors target Ivanti VPN appliances with new malware designed to persist system upgrades.

Intel announces new and improved security features with the latest vPro platform and Core Ultra processors.

White House calls for the “timely, complete, and consistent” publication of CVE and CWE data to help solve the security metrics problem.

The Black Basta and Bl00dy ransomware gangs have started exploiting two vulnerabilities in ConnectWise ScreenConnect.

The US government makes a $45 million investment in 16 projects to improve cybersecurity across the energy sector.

8,800 domains, many once owned by major companies, have been abused to get millions of emails past spam filters as part of SubdoMailing campaign.

Quantum computers are coming, and will defeat current PKE encryption. But this cryptopocalypse is not dependent upon quantum computers — it could happen through other means, at any time.

U-Haul says customer information was compromised in a data breach involving a reservation tracking system.

The best Red Team engagements are a balanced mix of technology, tools and human operators.

Intel Core Ultra vPro security Intel Core Ultra vPro security

Intel announces new and improved security features with the latest vPro platform and Core Ultra processors.

NIST Cybersecurity Framework 2.0 NIST Cybersecurity Framework 2.0

NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.

AI in Cybersecurity AI in Cybersecurity

AI will allow attackers to improve their attacks, and defenders to improve their defense. Over time, little will change — but the battle will be more intense.

Top Cybersecurity Headlines

A coming White House Executive Order seeks to protect personal information by preventing the mass transfer of Americans’ sensitive data to countries of concern.

The API attack surface is expanding and API vulnerabilities are growing. AI will help attackers find and exploit API vulnerabilities at scale.

The US has restricted trade with Canadian company Sandvine for aiding the Egyptian government’s web monitoring operations.

Pharmaceutical solutions provider Cencora discloses a cyberattack that resulted in personal information being stolen from its systems.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. [March 20, 2024]

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

VASCO Data Security today launched “DIGIPASS Nano,” its latest mobile security offering which consists of a thin film that users place over the SIM card in their mobile device, turning it into a secure mobile device capable of generating one-time passwords and e-signatures.

A rapid shift in the prevalence of real-time attacks from online banking trojans, such as ZeuS, are now more common than password phishing attacks, according to PhoneFactor, a provider of phone-based multi-factor authentication solutions. Organizations lack understanding about what to do to protect against these threats according to the results of the “state of online banking security” survey released today by PhoneFactor.

Solution Enables Enterprises to Deploy Private Mobile App Stores for the EnterpriseMobileIron, a provider of mobile device management and security solutions, has updated its Virtual Smartphone Platform (VSP) with several new features including the ability to let businesses create private “Enterprise App Stores” and deliver in-house iPhone and iPad apps to their employees without having to post them publicly.

According to a recent study, over 50 percent of companies in the U.K. and U.S. have an Electronically Stored Information (ESI) Disclosure strategy in place, but most haven’t revisited policies to address new communication methods such as social networking (30 percent in the U.K. and 21 percent in the U.S.) and new storage technologies such as cloud computing (28 percent in the U.K. and 16 percent in the U.S.).

The day after Twin Towers fell, all kinds of security measures changed and new ones were implemented overnight. Is there a Web identity 911 equivalent wake-up call coming—a single event that will suddenly jolt us into enforced standards overnight?

Core Security Technologies, a Boston based provider of IT security testing and measurement solutions, today introduced the latest version of its automated penetration testing solution, CORE IMPACT Pro version 11.

Salesforce.com today announced "Database.Com," a new service that it’s calling the first “enterprise database built for the cloud,” leveraging the infrastructure and technology that powers it’s core business of 87,000 Salesforce.com customers. The service isn’t scheduled to be available until 2011, maybe they can can come up with a better logo before the service goes live.

Securing Virtual Environments - VM IntrospectionKnowledge is power and, when it comes to security – the more information you have about your environment – the more effective you can be at protecting it. Depth of information is the fundamental benefit behind a concept called Virtual Machine Introspection (VMI). Its use within virtualized environments is absolutely crucial to effective risk mitigation at scale.

Amazon Web Services (AWS) today announced it has achieved Level 1 compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). Organizations can now run their applications on AWS PCI-compliant technology infrastructure to store, process and transmit credit card information in the cloud. The AWS cloud infrastructure has been validated at the highest level (Level 1) of PCI compliance, to build their cardholder environment and achieve PCI certification for their applications.

What is an Advanced Persistent Threat? Attackers are Getting More Sophisticated - Here's an Example of How they Work and Insight on How to Stop Them.The news just broke: Acme has completed a strategic acquisition of Landmark and both companies are being tight-lipped concerning all of the details. Should the acquisition proceed, that's bad news for Acme's toughest competitor, which would – as a result of the deal – be set to lose a clear market advantage.

Amazon Web Services (AWS) today announced it will offer Domain Name System (DNS) service, which it is calling Amazon Route 53, the name coming from the fact that DNS servers respond to queries on port 53 and route end users accordingly.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

The API attack surface is expanding and API vulnerabilities are growing. AI will help attackers find and exploit API vulnerabilities at scale.